
List:       sentry
Subject:    Re: [Abacus] Portsentry and Trusted Servers
From:       Ben Ricker <bricker () wellinx ! com>
Date:       2001-05-17 16:21:05

Bob Staaf wrote:

> Ben,
> 
>      In /etc you will find a file named portsentry.ignore.  Add the IP
> addresses of the machines you want to trust there.  It will ignore port
> scans from those IP addresses.

Thanks for the suggestion. I found that file in /usr/local/etc rather 
than /etc. I will see if it reads that file or not at the next logcheck. Do I 
need to bounce Portsentry to have it reread the .ignore file?

Another question: the routes that it DID throw in there are resisting my 
effort to remove them. I am running Redhat Linux 6.2 without iptables 
support. So, I went the route deny method of shutting down the hacker. 
However, I cannot remove the routes that it is now denying!

I tried:

'route del -host IP_ADD' and got the message:

"SIOCDELRT: No such process"

as well as 'route del IP_ADD' and 'route del -host IP_ADD netmask 
255.255.255.255', etc. All failed.

Since this is a production server, I would rather not flush the routing 
table since it will also flush my gateway route, bringing the server 
down for a minute or so.

 
Any ideas?

Ben Ricker
System Administrator
Wellinx.com
